Output: Azure Monitor: Cleanup and add README

influxdata · Apr 30, 2018 · e4f0f68 · e4f0f68
1 parent 341d467
commit e4f0f68
Show file tree

Hide file tree

Showing 4 changed files with 268 additions and 211 deletions.
diff --git a/plugins/outputs/azuremonitor/README.md b/plugins/outputs/azuremonitor/README.md
@@ -0,0 +1,74 @@
+## Azure Monitor Custom Metrics Output for Telegraf
+
+This plugin will send custom metrics to Azure Monitor.
+
+All metrics are written as summarized values: min, max, sum, count. The Telegraf field name is appended to the metric name. All Telegraf tags are set as the metric dimensions.
+
+## Azure Authentication
+
+This plugin can use one of several different types of credentials to authenticate
+with the Azure Monitor Custom Metrics ingestion API endpoint. In the following
+order the plugin will attempt to authenticate.
+1. Managed Service Identity (MSI) token
+    - This is the prefered authentication method.
+    - Note: MSI is only available to ARM-based resources.
+2. AAD Application Tokens (Service Principals)
+    - Primarily useful if Telegraf is writing metrics for other resources. [More information](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-objects).
+    - A Service Principal or User Principal needs to be assigned the `Monitoring Contributor` or `Metric Publisher` roles.
+3. AAD User Tokens (User Principals)
+    - Allows Telegraf to authenticate like a user. It is best to use this method for development.
+
+## Config
+
+For this output plugin to function correctly the following variables
+must be configured.
+
+* resourceId
+* region
+
+### region
+
+The region is the Azure region that you wish to connect to.
+Examples include but are not limited to:
+* useast
+* centralus
+* westcentralus
+* westeurope
+* southeastasia
+
+### resourceId
+
+The resourceId used for AWS CloudWatch metrics.
+
+### Configuration:
+
+```
+# Configuration for sending aggregate metrics to Azure Monitor
+[[outputs.azuremonitor]]
+## The resource ID against which metric will be logged.  If not
+## specified, the plugin will attempt to retrieve the resource ID
+## of the VM via the instance metadata service (optional if running 
+## on an Azure VM with MSI)
+#resourceId = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/virtualMachines/<vm-name>"
+## Azure region to publish metrics against.  Defaults to eastus.
+## Leave blank to automatically query the region via MSI.
+#region = "useast"
+
+## Write HTTP timeout, formatted as a string.  If not provided, will default
+## to 5s. 0s means no timeout (not recommended).
+# timeout = "5s"
+
+## Whether or not to use managed service identity.
+#useManagedServiceIdentity = true
+
+## Fill in the following values if using Active Directory Service
+## Principal or User Principal for authentication.
+## Subscription ID
+#azureSubscription = ""
+## Tenant ID
+#azureTenant = ""
+## Client ID
+#azureClientId = ""
+## Client secrete
+#azureClientSecret = ""
+```
diff --git a/plugins/outputs/azuremonitor/azuremetadata.go b/plugins/outputs/azuremonitor/azuremetadata.go
@@ -59,8 +59,8 @@ type VirtualMachineMetadata struct {
 	} `json:"network"`
 }
 
-// MsiToken is the managed service identity token
-type MsiToken struct {
+// msiToken is the managed service identity token
+type msiToken struct {
 	AccessToken  string `json:"access_token"`
 	RefreshToken string `json:"refresh_token"`
 	ExpiresIn    string `json:"expires_in"`
@@ -74,7 +74,7 @@ type MsiToken struct {
 	raw       string
 }
 
-func (m *MsiToken) parseTimes() {
+func (m *msiToken) parseTimes() {
 	val, err := strconv.ParseInt(m.ExpiresOn, 10, 64)
 	if err == nil {
 		m.expiresAt = time.Unix(val, 0)
@@ -87,23 +87,23 @@ func (m *MsiToken) parseTimes() {
 }
 
 // ExpiresAt is the time at which the token expires
-func (m *MsiToken) ExpiresAt() time.Time {
+func (m *msiToken) ExpiresAt() time.Time {
 	return m.expiresAt
 }
 
 // ExpiresInDuration returns the duration until the token expires
-func (m *MsiToken) ExpiresInDuration() time.Duration {
+func (m *msiToken) ExpiresInDuration() time.Duration {
 	expiresDuration := m.expiresAt.Sub(time.Now().UTC())
 	return expiresDuration
 }
 
 // NotBeforeTime returns the time at which the token becomes valid
-func (m *MsiToken) NotBeforeTime() time.Time {
+func (m *msiToken) NotBeforeTime() time.Time {
 	return m.notBefore
 }
 
 // GetMsiToken retrieves a managed service identity token from the specified port on the local VM
-func (s *AzureInstanceMetadata) GetMsiToken(clientID string, resourceID string) (*MsiToken, error) {
+func (s *AzureInstanceMetadata) getMsiToken(clientID string, resourceID string) (*msiToken, error) {
 	// Acquire an MSI token.  Documented at:
 	// https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/how-to-use-vm-token
 	//
@@ -159,7 +159,7 @@ func (s *AzureInstanceMetadata) GetMsiToken(clientID string, resourceID string)
 			resp.StatusCode, resp.Status, reply)
 	}
 
-	var token MsiToken
+	var token msiToken
 	if err := json.Unmarshal(reply, &token); err != nil {
 		return nil, err
 	}

diff --git a/plugins/outputs/azuremonitor/azuremetadata_test.go b/plugins/outputs/azuremonitor/azuremetadata_test.go
@@ -30,7 +30,7 @@ func TestGetTOKEN(t *testing.T) {
 	azureMetadata := &AzureInstanceMetadata{}
 
 	resourceID := "https://ingestion.monitor.azure.com/"
-	token, err := azureMetadata.GetMsiToken("", resourceID)
+	token, err := azureMetadata.getMsiToken("", resourceID)
 
 	require.NoError(t, err)
 	require.NotEmpty(t, token.AccessToken)